Computer Security Introduction (slides dated 12/18/2015)

Presentation transcript:

Computer Security Introduction

Basic Components
1. Confidentiality: concealment of information (prevent unauthorized disclosure of information).
2. Integrity: trustworthiness of data/resources (prevent unauthorized modifications).
   – Data integrity
   – Origin integrity (authentication)
3. Availability: ability to use information/resources (prevent unauthorized withholding of information/resources).

Basic Components
Additionally: authenticity, accountability, reliability, safety, dependability, survivability...

Confidentiality
Historically, security is closely linked to secrecy. Security involved a few organizations dealing mainly with classified data. However, nowadays security extends far beyond confidentiality.
Confidentiality involves:
– privacy: protection of private data,
– secrecy: protection of organizational data.

Integrity
“Making sure that everything is as it is supposed to be.”
For Computer Security this means: preventing unauthorized writing or modifications.

Availability
For Computer Systems this means that: services are accessible and useable (without undue delay) whenever needed by an authorized entity.
For this we need fault-tolerance.
Faults may be accidental or malicious (Byzantine).
Denial of Service attacks are an example of malicious attacks.

Relationship between Confidentiality, Integrity and Availability
[Figure; labels: Integrity, Confidentiality, Availability, Secure]

Other security requirements
– Reliability: deals with accidental damage.
– Safety: deals with the impact of system failure caused by the environment.
– Dependability: reliance can be justifiably placed on the system.
– Survivability: deals with the recovery of the system after massive failure.
– Accountability: actions affecting security must be traceable to the responsible party. For this,
   – Audit information must be kept and protected,
   – Access control is needed.

Basic Components
– Threats: potential violations of security
– Attacks: violations
– Attackers: those who execute the violations

Threats
– Disclosure or unauthorized access
– Deception or acceptance of falsified data
– Disruption or interruption or prevention
– Usurpation or unauthorized control

More threats
– Snooping (unauthorized interception)
– Modification or alteration
   – Active wiretapping
   – Man-in-the-middle attacks
– Masquerading or spoofing
– Repudiation of origin
– Denial of receipt
– Delay
– Denial of Service

Policy and Mechanisms
1. A security policy is a statement of what is / is not allowed.
2. A security mechanism is a method or tool that enforces a security policy.

Assumptions of trust
Let P be the set of all possible states of a system, and Q be the set of secure states.
– A mechanism is secure if P ≤ Q
– A mechanism is precise if P = Q
– A mechanism is broad if there are states in P which are not in Q
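The three definitions on this slide applied to a toy access-control system, as an added example that is not part of the original slides. It reads P as the states the system can reach with the mechanism in place (an assumption), and the users, the payroll policy and the three mechanisms are constructed for illustration.

```python
from itertools import combinations

USERS = ("alice", "bob", "mallory")     # constructed subjects
PAYROLL = frozenset({"alice", "bob"})   # constructed policy: who may read salary data

# Constructed mechanisms: each decides whether a user can be granted read access.
MECHANISMS = {
    "deny_all": lambda user: False,
    "payroll_acl": lambda user: user in PAYROLL,
    "any_employee": lambda user: True,
}

def all_states(users):
    """Every possible state: one per subset of users holding read access."""
    return {frozenset(c) for n in range(len(users) + 1)
            for c in combinations(users, n)}

def secure_states(states, authorized):
    """Q: states the policy allows (only authorized users hold access)."""
    return {s for s in states if s <= authorized}

def reachable_states(states, may_grant):
    """P (assumed reading): states the system can enter under the mechanism."""
    return {s for s in states if all(may_grant(u) for u in s)}

def classify(p, q):
    """Return (label, leaked, blocked) using the slide's definitions."""
    leaked = p - q     # reachable but not secure: what makes a mechanism broad
    blocked = q - p    # secure but unreachable: the cost of over-restriction
    if leaked:
        label = "broad"
    elif blocked:
        label = "secure"      # P is a proper subset of Q
    else:
        label = "precise"     # P equals Q, which is also secure
    return label, leaked, blocked

def evaluate():
    """Classify every constructed mechanism against the payroll policy."""
    states = all_states(USERS)
    q = secure_states(states, PAYROLL)
    return {name: classify(reachable_states(states, m), q)
            for name, m in MECHANISMS.items()}

if __name__ == "__main__":
    for name, (label, leaked, blocked) in evaluate().items():
        print(f"{name:13} {label:8} leaked={len(leaked)} blocked={len(blocked)}")
```

The `blocked` set is what separates a merely secure mechanism from a precise one: `deny_all` never violates the policy, but it also denies every state the policy would allow.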

Assurance
Trust cannot be quantified precisely. System specifications, design and implementation can provide a basis for how much one can trust a system. This is called assurance.

Goals of Computer Security
Security is about protecting assets. This involves:
– Prevention
– Detection
– Reaction (recover/restore assets)

Computer Security
How to achieve Computer Security:
1. Security principles/concepts: explore general principles/concepts that can be used as a guide to design secure information processing systems.
2. Security mechanisms: explore some of the security mechanisms that can be used to secure information processing systems.
3. Physical/Organizational security: consider physical & organizational security measures (policies).

Computer Security
Even at this general level there is disagreement on the precise definitions of some of the required security aspects.
References:
– Orange book: US Dept of Defense, Trusted Computer System Evaluation Criteria.
– ITSEC: European Trusted Computer System Product Criteria.
– CTCPEC: Canadian Trusted Computer System Product Criteria.

Fundamental Dilemma: Functionality or Assurance
– Security mechanisms need additional computational
– Security policies interfere with working patterns, and can be very inconvenient.
– Managing security requires additional effort and costs.
– Ideally there should be a tradeoff.

Operational issues
– Cost-benefit analysis
   Example: a database with salary info, which is used by a second system to print pay checks
– Risk analysis
   Environmental dependence
   Time dependence
   Remote risk

Laws and Customs
Export controls
Laws of multiple jurisdictions
Human issues
– Organizational problems (who is responsible for what)
– People problems (outsiders/insiders)

Tying it all together: how?